Log in

View Full Version : JavaCard internal structure (JCOP, CyberFlex, etc.)


FractalizeR
March 11th, 2005, 17:35
Hello, dear Sirs!

I'd like to know, what is the internal structure of such JavaCards like IBM JCOP and CyberFlex for example. Their memory, where applets are stored is undumpable. How is this achieved? What are these cards based on, so nobody can read their memory contents?

JMI
March 11th, 2005, 18:02
IF you have read the FAQ, then tell us what YOU have done to try to find the answer to your question, because that is supposed to be your FIRST step. Have you done any searching with "JavaCards" (without the quotes) or even "JavaCards + structure" (again without the quotes)??? Do that first and then come back.

Regards,

FractalizeR
March 12th, 2005, 11:29
Hello!
Thank you for your answer. I read the fAQ of course. And I of course searched your forum for "JavaCard" and the result is only one post
http://woodmann.net/forum/showthread.php?t=4543
which of course is not affiliated with my question.

I did a search over Google for "JavaCard", "dump", "CyberFlex" and so on, but I didn't find any information about JavaCard (JCOP or CyberFlex) internal architecture or methods of dumping them. I know GlobalPlatform standard, I use CyberFlex cards for protecting my programs. They contain hidden algos, which are the core of my programs. I wrote my own APDU protocol implementation for using in my software.
I know, that it is impossible to get applet code, after applet is uploaded to the cards at least on CyberFlex and JCOP cards. But why? What protection is used to prevent dumping applets from card's memory? This information is of course not public. CyberFlex cards is patented and of course nobody will tell me: "Dear, our cards are based on xxx. To dump applet you need to make yyy"

I just want to know, is there at least one occurence of dumping applet code from card in a world? I never heard about such. If it was happen, what is the cost of such operation (I mean 10$, 1000$, or may be 100000$)? I'd like to have such information to know, if I can use JavaCards to protect my software without worrying or not?

JMI
March 12th, 2005, 15:59
NOW that is a MUCH better and informative question, which complies with the FAQ. Hopefully, someone who may have played with thess structures can now give you some information which would help you advance you understanding.

One more important point. When you Reply, unless there is some specific reason to quote a part of a previous post, use the small button on the far left, which replys without quotes. There are also the found on the right, a Post Reply Button and below a Quick Reply plane. These choices do not automatically include a quote of the entire previous post. Including the entire previous post is generally a complete waste of database space, since it is there for anyone to read anyway.

Welcome aboard.

Regards,

FractalizeR
March 13th, 2005, 06:47
Thank you once more. I will wait for somebody to answer...

ColdWinterWind
March 15th, 2005, 13:36
It sounds like you've got a situation similar to satellite receiver systems that use a smart-card. The only way to access/mod the 'embedded' area of the card is via a dedicated controller (hardware) box, which interfaces your computer with the card, and has the necessary additional circuitry to manipulate the Control Pins (sic) on the card's chip.

Since I don't have any logic probes, and can't solder for squat anyway, I don't poke around in it much.

Just Googled 'JavaCard controller'.... many hitz.

FractalizeR
March 15th, 2005, 15:39
Thank you, I searched Google for JavaCard controller too, but found, that this Controller is just the heart of the card itself. It is not the device to read it's memory...

ColdWinterWind
March 18th, 2005, 08:21
Yeah. It may be that no-one has built an EEPROM burner for that particular type of card. Googling EEPROM burner JCARD only had one (!) hit, to a French page that isn't accessible. You might find something n the satellite community...